<?php
session_start();
ob_start();
$host="localhost";
$username="root";
$password="";
$database="cs4400_group17";

$tbl_name="user";

mysql_connect($host,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

echo "CALLING ME";

$loginEmail=$_POST['userEmail'];
$loginPIN=$_POST['userPIN'];

// To protect MySQL injection
$loginEmail = stripslashes($loginEmail);
$loginPIN = stripslashes($loginPIN);
$loginEmail = mysql_real_escape_string($loginEmail);
$loginPIN = mysql_real_escape_string($loginPIN);

$sql="SELECT * FROM $tbl_name WHERE Email='$loginEmail' and PIN='$loginPIN'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
	// Register userEmail, userPIN, userName and redirect to file "login_success.php"
	$row = mysql_fetch_assoc($result);
	$_SESSION['userEmail'] = $row['Email'];
	$_SESSION['userPIN'] = $row['PIN'];
	$_SESSION['userName'] = $row['Name'];
	header("location:VerifiedLogin.php");
}
else {
echo "Wrong Username or PIN";
header("location:FailedLogin.html");
}
ob_end_flush();
?>